Hello All, I am considering writing my config out in an iptables-save format rather than my list which gets loaded in a perl script which takes a long time. In researching the file format I see # which is a comment, but what is a : like the below lines? Do I need these if I have my -A INPUT -j CIDR-ASIAN -A CIDR-ASIAN -s 58.14.0.0/255.254.0.0 -p tcp -j LOG --log-prefix "SPAM-BLOCK-CIDR-ASIAN" -A CIDR-ASIAN -s 58.14.0.0/255.254.0.0 -p tcp -m tcp --dport 25 -j DROP If I do need them, does the sequence matter of when I execute my :CIDR-ASIAN - [0:0] -vs- when I execute the above? # Generated by iptables-save v1.2.11 on Wed Oct 22 04:14:00 2008 *filter :INPUT ACCEPT [5420870:1818203807] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [6422769:3043272788] :CIDR-ASIAN - [0:0] :CIDR-CZECH - [0:0] :CIDR-DROP - [0:0] :CIDR-IISG - [0:0] :CIDR-INDIA-KOREA - [0:0] :CIDR-POLAND - [0:0] :CIDR-RUSSIA - [0:0] :CIDR-TURKEY - [0:0] :CIDR-UK - [0:0] :fail2ban-postfix - [0:0] :fail2ban-postfix-log - [0:0] Thanks, Joey -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
